<?php
/**
* @file $Id: User.php 437 2007-04-23 00:57:51Z focus-sis $
* @package Focus/SIS
* @copyright Copyright (C) 2006 Andrew Schmadeke. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.txt
* Focus/SIS is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.txt for copyright notices and details.
*/

if(User('PROFILE')!='admin' && $_REQUEST['staff_id'] && $_REQUEST['staff_id']!='new' && $_REQUEST['staff_id']!=User('STAFF_ID'))
{
	if(User('USERNAME'))
	{
		echo "You're not allowed to do this! This attempted violation has been logged and your IP address was captured.";
		Warehouse('footer');
		if($FocusNotifyAddress)
			mail($FocusNotifyAddress,'HACKING ATTEMPT',"INSERT INTO HACKING_LOG (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$_SERVER[REMOTE_ADDR]','".date('Y-m-d')."','$FocusVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname] - tried to access user','".User('USERNAME')."')");
	}
	exit;
}
if($_REQUEST['modfunc']=='update')
{
	if($_REQUEST['staff']['SCHOOLS'])
	{
		foreach($_REQUEST['staff']['SCHOOLS'] as $school_id=>$yes)
		{
			if($yes=='Y')
				$schools .= ','.$school_id;
		}
		if($schools)
			$_REQUEST['staff']['SCHOOLS'] = $schools.',';
		else
			$_REQUEST['staff']['SCHOOLS'] = '';
	}

	if(is_numeric($_REQUEST['staff']['PROFILE']))
	{
		$_REQUEST['staff']['PROFILE_ID'] = $_REQUEST['staff']['PROFILE'];

		$profile_RET = DBGet(DBQuery("SELECT PROFILE FROM USER_PROFILES WHERE ID='".$_REQUEST['staff']['PROFILE']."'"));
		$_REQUEST['staff']['PROFILE'] = $profile_RET[1]['PROFILE'];
	}
	elseif($_REQUEST['staff']['PROFILE'])
		$_REQUEST['staff']['PROFILE_ID'] = '';

	if(count($_POST['staff']) && (User('PROFILE')=='admin' || basename($_SERVER['PHP_SELF'])=='index.php'))
	{
		if($_REQUEST['staff_id'] && $_REQUEST['staff_id']!='new')
		{
			$profile_RET = DBGet(DBQuery("SELECT PROFILE,PROFILE_ID,USERNAME FROM USERS WHERE STAFF_ID='".UserStaffID()."'"));

			// CHANGE FROM A PROFILE TO CUSTOM PERMISSIONS
			if(is_numeric($profile_RET[1]['PROFILE_ID']) && $_REQUEST['staff']['PROFILE'] == 'admin')
			{
				DBQuery("DELETE FROM USER_EXCEPTIONS WHERE USERNAME='".$profile_RET[1]['USERNAME']."'");
				DBQuery("INSERT INTO USER_EXCEPTIONS (USERNAME,MODNAME,CAN_USE,CAN_EDIT) SELECT s.USERNAME,e.MODNAME,e.CAN_USE,e.CAN_EDIT FROM USERS s,PROFILE_EXCEPTIONS e WHERE s.USERNAME='".$profile_RET[1]['USERNAME']."' AND s.PROFILE_ID=e.PROFILE_ID");
			}
			elseif(is_numeric($_REQUEST['staff']['PROFILE_ID']) && $profile_RET[1]['PROFILE']=='admin')
				DBQuery("DELETE FROM USER_EXCEPTIONS WHERE USERNAME='".$profile_RET[1]['USERNAME']."'");

			// CHANGE THE USERNAME
			if($_REQUEST['staff']['USERNAME'] && $_REQUEST['staff']['USERNAME']!=$profile_RET[1]['USERNAME'])
			{
				DBQuery("UPDATE USER_EXCEPTIONS SET USERNAME='".$_REQUEST['staff']['USERNAME']."' WHERE USERNAME='".$profile_RET[1]['USERNAME']."'");
				DBQuery("UPDATE PROGRAM_USER_CONFIG SET USERNAME='".$_REQUEST['staff']['USERNAME']."' WHERE USERNAME='".$profile_RET[1]['USERNAME']."'");
				$existing_staff = DBGet(DBQuery("SELECT 'exists' FROM USERS WHERE USERNAME='".$_REQUEST['staff']['USERNAME']."' AND SYEAR='".UserSyear()."'"));
				if(count($existing_staff))
					BackPrompt(_('A user with that username already exists for the current school year.  Choose a different username and try again.'));
			}

			$sql = "UPDATE USERS SET ";
			foreach($_REQUEST['staff'] as $column_name=>$value)
			{
				if(!is_array($value))
					$sql .= "$column_name='".str_replace("\'","''",str_replace('``','"',$value))."',";
				else
				{
					$sql .= $column_name."='||";
					foreach($value as $val)
					{
						if($val)
							$sql .= str_replace("\'","''",str_replace('``','"',$val)).'||';
					}
					$sql .= "',";
				}
			}
			$sql = substr($sql,0,-1) . " WHERE STAFF_ID='$_REQUEST[staff_id]'";
			if(User('PROFILE')=='admin')
				DBQuery($sql);
		}
		else
		{
			$existing_staff = DBGet(DBQuery("SELECT 'exists' FROM USERS WHERE USERNAME='".$_REQUEST['staff']['USERNAME']."' AND SYEAR='".UserSyear()."'"));
			if(count($existing_staff))
				BackPrompt(_('A user with that username already exists for the current school year.  Choose a different username and try again.'));
			// here, we should CHECK TO SEE IF USER WITH SAME NAME EXISTS ... PROMPT IF USER SHOULD BE CREATED ANYWAY.

			$staff_id = DBGet(DBQuery('SELECT '.db_seq_nextval('USERS_SEQ').' AS STAFF_ID'.FROM_DUAL));
			$staff_id = $staff_id[1]['STAFF_ID'];

			$sql = "INSERT INTO USERS ";
			$fields = 'SYEAR,STAFF_ID,';
			$values = "'".UserSyear()."','$staff_id',";

			if(basename($_SERVER['PHP_SELF'])=='index.php')
			{
				$fields .= 'PROFILE,';
				$values .= "'none',";
			}

			foreach($_REQUEST['staff'] as $column=>$value)
			{
				if($value)
				{
					$fields .= $column.',';
					if(!is_array($value))
						$values .= "'".str_replace("\'","''",$value)."',";
					else
					{
						$values .= "'||";
						foreach($value as $val)
						{
							if($val)
								$values .= $val.'||';
						}
						$values .= "',";
					}
				}
			}
			$sql .= '(' . substr($fields,0,-1) . ') values(' . substr($values,0,-1) . ')';
			DBQuery($sql);

			$_REQUEST['staff_id'] = $staff_id;
			$_REQUEST['modname'] = substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?'));
		}
	}

	if($_REQUEST['log_values'] && $_POST['log_values'])
	{
		if(count($_REQUEST['month_log_values']))
		{
			foreach($_REQUEST['month_log_values'] as $student_field_id=>$records)
			{
				foreach($records as $id=>$columns)
				{
					foreach($columns as $field_name=>$month)
					{
						$_REQUEST['log_values'][$student_field_id][$id][$field_name] = $_REQUEST['day_log_values'][$student_field_id][$id][$field_name].'-'.$month.'-'.$_REQUEST['year_log_values'][$student_field_id][$id][$field_name];
						if(!VerifyDate($_REQUEST['log_values'][$student_field_id][$id][$field_name]))
						{
							if($_REQUEST['log_values'][$student_field_id][$id][$field_name]!='--')
								$note = '<IMG SRC=assets/warning_button.gif>'._('The date you specified is not valid, so was not used.  The other data was saved.');
							unset($_REQUEST['log_values'][$student_field_id][$id][$field_name]);
						}
					}
				}
			}
		}
		foreach($_REQUEST['log_values'] as $user_field_id=>$records)
		{
			foreach($records as $id=>$columns)
			{
				if($id!='new')
				{
					$sql = "UPDATE USER_LOG_ENTRIES SET ";

					if(count($columns))
					{
						foreach($columns as $column=>$value)
						{
							$sql .= $column."='".str_replace("\'","''",$value)."',";
						}
						$sql = substr($sql,0,-1) . " WHERE ID='$id'";
						DBQuery($sql);
					}
				}
				else
				{
					$sql = "INSERT INTO USER_LOG_ENTRIES ";

					$fields = 'ID,SCHOOL_ID,USER_ID,USER_FIELD_ID,';
					$values = db_seq_nextval('USER_LOG_ENTRIES_SEQ').",'".UserSchool()."','".UserStaffID()."','".$user_field_id."',";

					$go = 0;
					foreach($columns as $column=>$value)
					{
						if($value)
						{
							$fields .= $column.',';
							$values .= "'".str_replace("\'","''",$value)."',";
							if($column!='LOG_DATE') // SINCE THE LOG_DATE HAS A DEFAULT
								$go = true;
						}
					}
					$sql .= '(' . substr($fields,0,-1) . ') values(' . substr($values,0,-1) . ')';

					if($go)
						DBQuery($sql);
				}
			}
		}
	}
	unset($_REQUEST['staff']);
	unset($_REQUEST['modfunc']);
	unset($_SESSION['_REQUEST_vars']['staff']);
	unset($_SESSION['_REQUEST_vars']['modfunc']);

	if(User('STAFF_ID')==$_REQUEST['staff_id'])
		echo '<script language=JavaScript>parent.side.location="'.$_SESSION['Side_PHP_SELF'].'?modcat="+parent.side.document.forms[0].modcat.value;</script>';
}

if(basename($_SERVER['PHP_SELF'])!='index.php')
	DrawHeader(ProgramTitle());
if(basename($_SERVER['PHP_SELF'])!='index.php')
	Search('staff_id');

if($_REQUEST['modfunc']=='delete' && basename($_SERVER['PHP_SELF'])!='index.php' && AllowEdit())
{
	if(DeletePrompt(_('user')))
	{
		DBQuery("DELETE FROM STUDENTS_JOIN_USERS WHERE STAFF_ID='".UserStaffID()."'");
		DBQuery("DELETE FROM USERS WHERE STAFF_ID='".UserStaffID()."'");
		unset($_SESSION['staff_id']);
		unset($_REQUEST['staff_id']);
		unset($_SESSION['REQUEST_vars']['staff_id']);
		echo '<script language=JavaScript>parent.side.location="'.$_SESSION['Side_PHP_SELF'].'?modcat="+parent.side.document.forms[0].modcat.value;</script>';
		Search('staff_id');
	}
}

if((UserStaffID() || $_REQUEST['staff_id']=='new') && ((basename($_SERVER['PHP_SELF'])!='index.php') || !$_REQUEST['staff']['USERNAME']) && $_REQUEST['modfunc']!='delete')
{
	if($_REQUEST['staff_id']!='new')
	{
		$sql = "SELECT * FROM USERS s WHERE s.STAFF_ID='".UserStaffID()."'";
		$QI = DBQuery($sql);
		$staff = DBGet($QI);
		$staff = $staff[1];
		echo "<FORM action=Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&staff_id=".UserStaffID()."&modfunc=update&category_id=$_REQUEST[category_id] method=POST>";
	}
	elseif(basename($_SERVER['PHP_SELF'])!='index.php')
		echo "<FORM action=Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&modfunc=update method=POST>";
	else
		echo "<FORM action=index.php?modfunc=create_account METHOD=POST>";

	if(basename($_SERVER['PHP_SELF'])=='index.php')
		DrawHeader(_('Create Account'));
	else
	{
		if(UserStaffID() && User('PROFILE')=='admin')
			$delete_button = '<INPUT type=button value='._('Delete').' onclick="window.location=\'Modules.php?modname='.$_REQUEST['modname'].'&staff_id='.$_REQUEST['staff_id'].'&modfunc=delete\'">';
	}
	if(User('PROFILE')!='teacher')
		$save_button = SubmitButton(_('Save'));
	DrawHeader('',$delete_button.$save_button);
	echo '<BR>';

	if(!$_REQUEST['category_id'])
		$_REQUEST['category_id'] = 1;

	if($_REQUEST['staff_id']=='new')
	{
		$tabs = array(array('title'=>_('General Info')));
	}
	else
	{
		$tabs = array(array('title'=>_('General Info'),'link'=>"Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&category_id=1"));
		if(GetTeacher(UserStaffID(),'','PROFILE',false)=='teacher')
			$tabs[] = array('title'=>_('Schedule'),'link'=>"Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&modfunc=teacher_schedule");

		$categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM USER_FIELD_CATEGORIES WHERE ID>1"));
		foreach($categories_RET as $category)
		{
			if(!$can_use_RET['Users/User.php&category_id='.$category['ID']])
				$tabs[] = array('title'=>$category['TITLE'],'link'=>"Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&category_id=".$category['ID']);
		}
	}

	if($_REQUEST['modfunc']=='teacher_schedule')
		$_FOCUS['selected_tab'] = "Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&modfunc=teacher_schedule";
	else
	{
		$_FOCUS['selected_tab'] = "Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]";
		if($_REQUEST['category_id'])
			$_FOCUS['selected_tab'] .= '&category_id='.$_REQUEST['category_id'];
	}

	if(Preferences('MENU')=='Top')
		$width = 'width=95%';
	else
		$width = 'width=99%';

	PopTable('header',$tabs,$width);
	if($_REQUEST['modfunc']=='teacher_schedule')
	{
		$schedule_RET = DBGet(DBQuery("SELECT cp.PERIOD_ID,cp.ROOM,c.TITLE,cp.COURSE_WEIGHT,cp.MARKING_PERIOD_ID FROM COURSE_PERIODS cp,COURSES c WHERE cp.COURSE_ID=c.COURSE_ID AND cp.TEACHER_ID='".UserStaffID()."' AND cp.SYEAR='".UserSyear()."'"),array('PERIOD_ID'=>'GetPeriod','MARKING_PERIOD_ID'=>'GetMP'));
		ListOutput($schedule_RET,array('TITLE'=>_('Course'),'PERIOD_ID'=>_('Period'),'ROOM'=>_('Room'),'MARKING_PERIOD_ID'=>_('Marking Period')),_('Course'),_('Courses'));
	}
	else
	{
		echo '<TABLE width=100%><TR><TD><TABLE><TR><TD>';
		if($_REQUEST['staff_id']=='new' || strpos($staff['FIRST_NAME'],"'")!==false || strpos($staff['LAST_NAME'],"'")!==false || strpos($staff['MIDDLE_NAME'],"'")!==false)
			echo SelectInput($staff['TITLE'],'staff[TITLE]',_('Title'),array('Mr.'=>_('Mr.'),'Mrs.'=>_('Mrs.'),'Ms.'=>_('Ms.'),'Miss'=>_('Miss'))).'</TD><TD>'.TextInput($staff['FIRST_NAME'],'staff[FIRST_NAME]',_('First'),'maxlength=50').' </TD><TD>'.TextInput($staff['MIDDLE_NAME'],'staff[MIDDLE_NAME]',_('Middle'),'maxlength=50').' </TD><TD>'.TextInput($staff['LAST_NAME'],'staff[LAST_NAME]',_('Last'),'maxlength=50').'</TD>';
		else
			echo '<DIV id=user_name><div onclick=\'addHTML("<TABLE><TR><TD>'.str_replace('"','\"',SelectInput($staff['TITLE'],'staff[TITLE]','Title',array('Mr.'=>'Mr.','Mrs.'=>'Mrs.','Ms.'=>'Ms.','Miss'=>'Miss'),'N/A','',false)).'</TD><TD>'.str_replace('"','\"',TextInput($staff['FIRST_NAME'],'staff[FIRST_NAME]',_('First'),'maxlength=50',false)).' </TD><TD>'.str_replace('"','\"',TextInput($staff['MIDDLE_NAME'],'staff[MIDDLE_NAME]',_('Middle'),'size=3 maxlength=50',false)).' </TD><TD>'.str_replace('"','\"',TextInput($staff['LAST_NAME'],'staff[LAST_NAME]',_('Last'),'maxlength=50',false)).'</TD></TR></TABLE>","user_name",true);\'>'.$staff['TITLE'].' '.$staff['FIRST_NAME'].' '.$staff['MIDDLE_NAME'].' '.$staff['LAST_NAME'].'</div></DIV><small>'._('Name').'</small>';

		echo '</TR></TABLE>';
		echo '</TD><TD align='.ALIGN_RIGHT.'>';
		echo '</TD></TR></TABLE>';
		echo '<HR>';

		if($_REQUEST['category_id']==1)
		{
			echo '<TABLE border=0 cellpadding=6>';
			echo '<TR>';
			echo '<TD>';
			echo TextInput($staff['USERNAME'],'staff[USERNAME]',_('Username'),'size=12 maxlength=100');
			echo '</TD>';
			echo '<TD>';
			//echo TextInput($staff['PASSWORD'],'staff[PASSWORD]',_('Password'),'size=12 maxlength=100');
			echo TextInput(array($staff['PASSWORD'],str_repeat('*',strlen($staff['PASSWORD']))),'staff[PASSWORD]',_('Password'),'size=12 maxlength=100');
			echo '</TD>';
			echo '</TR>';
			if(basename($_SERVER['PHP_SELF'])!='index.php')
			{
				echo '<TR>';
				echo '<TD>';
				if($staff['PROFILE']=='parent')
					$parent = true;

				if($staff['PROFILE_ID'])
					$staff['PROFILE'] = $staff['PROFILE_ID'];

				unset($options);
				$profiles_RET = DBGet(DBQuery("SELECT ID,TITLE,PROFILE FROM USER_PROFILES WHERE PROFILE!='student' ORDER BY PROFILE DESC,TITLE"));
				if(count($profiles_RET))
				{
					foreach($profiles_RET as $profile)
						$options[$profile['ID']] = $profile['TITLE'];
				}
				else
					$options = array();
				$options += array('teacher'=>_('Teacher with custom permissions'),'parent'=>_('Parent with custom permissions'),'admin'=>_('Administrator with custom permissions'),'none'=>_('No Access'));

				echo SelectInput($staff['PROFILE'],'staff[PROFILE]',_('User Profile'),$options);
				echo '</TD>';

				if($parent!==true)
				{
					echo '<TD>';
					$sql = "SELECT ID,TITLE FROM SCHOOLS ORDER BY TITLE";
					$QI = DBQuery($sql);
					$schools_RET = DBGet($QI);
					unset($options);
					if($_REQUEST['staff_id']=='new' && count($schools_RET)==1)
					{
						echo '<INPUT type=hidden name=staff[SCHOOLS]['.$schools_RET[1]['ID'].'] value=Y>';
					}
					elseif(count($schools_RET))
					{
						$i = 0;
						echo '<TABLE><TR>';
						foreach($schools_RET as $value)
						{
							if($i%3==0)
								echo '</TR><TR>';
							echo '<TD>'.CheckboxInput(((strpos($staff['SCHOOLS'],','.$value['ID'].',')!==false)?'Y':''),'staff[SCHOOLS]['.$value['ID'].']','','',true,'<IMG SRC=assets/check.gif width=15>','<IMG SRC=assets/x.gif width=15>').$value['TITLE'].'</TD>';
							$i++;
						}
						echo '</TR></TABLE>';
						echo '<small>'._('Schools').'</small>';
					}
					//echo SelectInput($staff['SCHOOL_ID'],'staff[SCHOOL_ID]','School',$options,'All Schools');
					echo '</TD>';
				}
				else
					echo '<TD></TD>';
				echo '</TR>';
			}
			echo '</TABLE>';
		}

		// OTHER INFO
		include($staticpath.'modules/Users/functions.php');
		$fields_RET = DBGet(DBQuery("SELECT * FROM USER_FIELDS WHERE CATEGORY_ID='$_REQUEST[category_id]' ORDER BY TITLE"),array(),array('TYPE'));
		$radio_count = count($fields_RET['radio']);

		if(UserStaffID())
		{
			$custom_RET = DBGet(DBQuery("SELECT * FROM USERS WHERE STAFF_ID='".UserStaffID()."'"));
			$value = $custom_RET[1];
		}

		echo '<TABLE cellpadding=5>';
		$i = 1;
		if(count($fields_RET['text']))
		{
			foreach($fields_RET['text'] as $field)
			{
				if(($i-1)%3==0)
					echo '<TR>';
				echo '<TD>';
				echo _makeTextInput('CUSTOM_'.$field['ID'],$field['TITLE'],'');
				echo '</TD>';
				if($i%3==0)
					echo '</TR>';
				else
					echo '<TD width=50></TD>';
				$i++;
			}
		}

		if(count($fields_RET['numeric']))
		{
			foreach($fields_RET['numeric'] as $field)
			{
				if(($i-1)%3==0)
					echo '<TR>';
				echo '<TD>';
				echo _makeTextInput('CUSTOM_'.$field['ID'],$field['TITLE'],'','size=5 maxlength=10');
				echo '</TD>';
				if($i%3==0)
					echo '</TR>';
				else
					echo '<TD width=50></TD>';
				$i++;
			}
		}

		if(count($fields_RET['date']))
		{
			foreach($fields_RET['date'] as $field)
			{
				if(($i-1)%3==0)
					echo '<TR>';
				echo '<TD>';
				echo _makeDateInput('CUSTOM_'.$field['ID'],$field['TITLE'],'');
				echo '</TD>';
				if($i%3==0)
					echo '</TR>';
				else
					echo '<TD width=50></TD>';
				$i++;
			}
		}
		if(count($fields_RET['select']))
		{
			foreach($fields_RET['select'] as $field)
			{
				if(($i-1)%3==0)
					echo '<TR>';
				echo '<TD>';
				echo _makeSelectInput('CUSTOM_'.$field['ID'],$field['TITLE']);
				echo '</TD>';
				if($i%3==0)
					echo '</TR>';
				else
					echo '<TD width=50></TD>';
				$i++;
			}
		}
		echo '</TABLE><BR>';

		$i = 1;
		if(count($fields_RET['textarea']) || count($fields_RET['multiple']) || count($fields_RET['log']))
			echo '<TABLE cellpadding=5>';
		if(count($fields_RET['textarea']))
		{
			foreach($fields_RET['textarea'] as $field)
			{
				if($i%2!=0)
					echo '<TR>';
				echo '<TD>';
				echo _makeTextareaInput('CUSTOM_'.$field['ID'],$field['TITLE']);
				echo '</TD>';
				if($i%2==0)
					echo '</TR>';
				$i++;
			}
		}

		if(count($fields_RET['multiple']))
		{
			foreach($fields_RET['multiple'] as $field)
			{
				if($i%2!=0)
					echo '<TR>';
				echo '<TD>';
				echo _makeMultipleInput('CUSTOM_'.$field['ID'],$field['TITLE']);
				echo '</TD>';
				if($i%2==0)
					echo '</TR>';
				$i++;
			}
		}

		if(count($fields_RET['log']))
		{
			foreach($fields_RET['log'] as $field)
			{
				$link = array();
				$columns = array();
				$count_fields = 0;
				echo '<TR><TD colspan=2>';
				$log_options = $field['SELECT_OPTIONS'];
				$table = $field['ID'];
				$functions = array('LOG_CHECKBOX'=>'_makeLogCheckbox','LOG_SELECT'=>'_makeLogSelect','LOG_DATE'=>'_makeLogDate','LOG_TEXT1'=>'_makeLogText','LOG_TEXT2'=>'_makeLogText','LOG_TEXT3'=>'_makeLogText','LOG_TEXT4'=>'_makeLogText','LOG_NUMERIC'=>'_makeLogText','LOG_TEXTAREA'=>'_makeLogTextArea');
				if($field['LOG_CHECKBOX'])
				{
					$count_fields++;
					$log_functions['LOG_CHECKBOX'] = $functions['LOG_CHECKBOX'];
					$columns['LOG_CHECKBOX'] = $field['LOG_CHECKBOX_TITLE'];
					$link['add']['html']['LOG_CHECKBOX'] = $functions['LOG_CHECKBOX']('','LOG_CHECKBOX');
				}
				if($field['LOG_SELECT'])
				{
					$count_fields++;
					$log_functions['LOG_SELECT'] = $functions['LOG_SELECT'];
					$columns['LOG_SELECT'] = $field['LOG_SELECT_TITLE'];
					$link['add']['html']['LOG_SELECT'] = $functions['LOG_SELECT']('','LOG_SELECT');
				}
				if($field['LOG_DATE'])
				{
					$count_fields += 2;
					$log_functions['LOG_DATE'] = $functions['LOG_DATE'];
					$columns['LOG_DATE'] = $field['LOG_DATE_TITLE'];
					$link['add']['html']['LOG_DATE'] = $functions['LOG_DATE']('','LOG_DATE');
				}
				for($i=1;$i<=5;$i++)
				{
					if($field['LOG_TEXT'.$i])
					{
						$count_fields++;
						$log_functions['LOG_TEXT'.$i] = $functions['LOG_TEXT'.$i];
						$columns['LOG_TEXT'.$i] = $field['LOG_TEXT'.$i.'_TITLE'];
						$link['add']['html']['LOG_TEXT'.$i] = $functions['LOG_TEXT'.$i]('','LOG_TEXT'.$i);
					}
				}
				if($field['LOG_TEXTAREA'])
				{
					if($count_fields<3)
						$textarea_extra = 'cols=60 rows=7';
					elseif($count_fields<5)
						$textarea_extra = 'cols=35 rows=4';
					else
						$textarea_extra = 'cols=25 rows=4';

					$log_functions['LOG_TEXTAREA'] = $functions['LOG_TEXTAREA'];
					$columns['LOG_TEXTAREA'] = $field['LOG_TEXTAREA_TITLE'];
					$link['add']['html']['LOG_TEXTAREA'] = $functions['LOG_TEXTAREA']('','LOG_TEXTAREA');
				}
				$link['remove']['link'] = "Modules.php?modname=$_REQUEST[modname]&staff_id=$_REQUEST[staff_id]&include=$_REQUEST[include]&category_id=$_REQUEST[category_id]&modfunc=delete&LO_index=".$_REQUEST['LO_index'];
				$link['remove']['variables'] = array('id'=>'ID');
				$log_RET = DBGet(DBQuery("SELECT ID,LOG_CHECKBOX,LOG_SELECT,LOG_DATE,LOG_TEXT1,LOG_TEXT2,LOG_TEXT3,LOG_TEXT4,LOG_NUMERIC,LOG_TEXTAREA FROM USER_LOG_ENTRIES WHERE USER_ID='".UserStaffID()."' AND USER_FIELD_ID='".$field['ID']."' ORDER BY ID ASC"),$log_functions);
				ListOutput($log_RET,$columns,$field['TITLE'].' '._('Entry'),$field['TITLE'].' '._('Entries'),$link,array(),array('search'=>false));
				echo '</TD></TR>';
			}
		}

		if(count($fields_RET['textarea']) || count($fields_RET['multiple']) || count($fields_RET['log']))
			echo '</TABLE>';

		echo '<BR>';

		if($radio_count)
		{
			echo '<TABLE cellpadding=5>';
			echo '<TR>';
			for($i=1;$i<=$radio_count;$i++)
			{
				$field = $fields_RET['radio'][$i];
				echo '<TD>'._makeCheckboxInput('CUSTOM_'.$field['ID'],'<b>'.$field['TITLE'].'</b>').'</TD>';
				if($i%5==0 && $i!=$radio_count)
					echo '</TR><TR>';
			}
			echo '</TD></TR>';
			echo '</TABLE>';
		}

		echo '<CENTER>'.SubmitButton(_('Save')).'</CENTER>';
	}
	PopTable('footer');
	echo '</FORM>';
}
?>